Rajan Kharat

PCI DSS Auditor

• Conducted PCI DSS audits (v3.2.1 / v4.0), including scoping, evidence collection, and testing of controls for merchants and service providers.
• Performed gap assessments and provided remediation guidance for encryption, key management, and cardholder data storage requirements.
• Reviewed firewall configurations, segmentation controls, access management, and vulnerability management processes to validate compliance.
• Authored ROC (Report on Compliance) and Attestation of Compliance (AOC) documents in line with PCI SSC guidelines.
• Worked with client teams to design compensating controls where standard requirements were not feasible.
• Also worked along with the National Payment Corporation of India (NPCI) to ensure compliance with Information Technology general controls.
• Working with various Asian banks for PCI DSS compliance.compliance
• Performed remote and onsite network penetration testing and vulnerability assessment audits for industry-leading BPOs, call centers, and banks across the globe—mainly in the Asia and Middle East regions.
• Collaborated with third-party payment card industry (PCI) compliance partners.
• Performed application penetration testing audits for mainly banking and credit card applications, shopping cart applications, payment switch, and payment gateway applications, and mobile applications.
• Performed firewall rule-set reviews for the client base across the globe.